ProofHelm v0.1
Features How it works Deploy Evidence FAQ Contact
Request a demo
Vendor-neutral runtime firewall for LLMs & agents

Stop prompt injection, PII leaks & rogue tool calls — with verifiable evidence .

ProofHelm is a zero-trust runtime AI security layer that sits between your apps/agents and any LLM provider. It enforces policies in real time and produces signed, audit-ready traces for compliance.

Deploy in minutes See the flow Email us
<150ms Fast path policy + detectors (typical)
Prompt + Output Bi-directional firewall coverage
Signed Evidence For EU-style audit trails & security reviews
Live verdict stream
SAFE BLOCK
OpenAI-compatible gateway (optional) SDK middleware SIEM export

What ProofHelm protects

Built for modern AI systems: LLM chat endpoints, RAG assistants, multi-agent workflows, tool execution, and internal AI copilots.

Prompt Injection Defense

Blocks jailbreaks, instruction override attempts, data exfiltration prompts, and policy bypass patterns.

Output Firewall

Detects PII leakage, disallowed content, and hallucinated tool calls before they reach users or downstream systems.

Tool / Agent Controls

Zero-trust enforcement for tool execution: allowlists, scopes, rate limits, and contextual rules per agent.

Vendor-Neutral

Works with any LLM provider (OpenAI, Azure OpenAI, Anthropic, Bedrock, local models) through a gateway or SDK.

Signed Evidence

Every decision ships with trace + cryptographic signature for audits and incident investigations.

Real-time Visibility

Stream verdicts over WebSocket for dashboards, SOC alerts, and incident response workflows.

How it works

A layered pipeline minimizes latency and cost: fast local checks first, optional LLM guard as a last resort, and signed evidence for every step.

Request path (Prompt)

  • Policy gate: allowed tools, scopes, token limits.
  • Regex: known jailbreak patterns.
  • Signature: curated rules (OWASP-style patterns, internal threats).
  • Heuristic: length/token anomalies & risk scoring.
  • Optional LLM guard: adjudicate ambiguous cases under a strict budget.

Output: { verdict, trace[], evidence_sig }

Response path (Output)

  • PII scan: emails, IDs, credit card patterns (configurable).
  • Tool-call validator: blocks hallucinated tools or malformed JSON.
  • Disallowed content rules: org policy (customizable).
  • Redaction mode: mask sensitive fragments (optional).

Same evidence model, same audit trail.

Deploy options

Start simple, then scale: self-hosted gateway, SDK middleware, or OpenAI-compatible proxy to cover every language with a base URL change.

1) Gateway (recommended)

Run ProofHelm as a FastAPI gateway and route LLM traffic through it.

POST /api/prompt → decision + evidence
POST /api/output → output firewall + evidence
WS /ws/firehose → live events

2) SDK / Middleware

Integrate in your Python / Node services to attach rich context (agent name, tool, user, tenant).

Great for internal agents and microservices where you want fine-grained policy.

3) OpenAI-compatible “base_url” mode (covers every language)

Use official SDKs — just change base_url to your ProofHelm gateway endpoint.

This approach is usually the fastest rollout for enterprises using mixed stacks.

Evidence & compliance

ProofHelm is designed for security reviews and audit workflows. Every decision includes a detector trace and a cryptographic signature.

What you can prove

  • Which detectors fired (and why).
  • Which policy blocked a tool or action.
  • When the decision happened (timestamped).
  • That the evidence wasn’t modified (signature verification).

What you can export

  • Append-only evidence logs (Postgres / object storage).
  • Live SOC feed (WebSocket, SIEM integration).
  • Replay harness for red-team prompt corpora.

Built for modern AI threat models

Prompt injection, data exfiltration, agent tool abuse, and output leakage are the new “runtime” risks in AI systems. ProofHelm’s approach is: cheap checks first, policy enforcement always, evidence on every decision.

FAQ

A few quick answers for teams evaluating ProofHelm.

Does ProofHelm replace provider safety filters?

No. Provider safety filters are useful, but they’re not enough for enterprise controls like tool allowlists, audit trails, and org-specific policies. ProofHelm is an additional control layer.

Will this slow down our AI apps?

The design is layered: most requests are decided by fast local checks. Optional LLM-based adjudication is budgeted and used only for ambiguous cases.

Can we self-host?

Yes. Run the gateway with Redis/Postgres (Docker Compose or Kubernetes). You can keep all traffic in your environment.

Does it work with agents (tools, browsing, actions)?

Yes. The policy layer is built for agent contexts: tool name, scopes, allowed domains/paths, and per-agent rules.

How do we start?

Start with a single gateway in front of one AI workflow. Turn on the WebSocket stream and review what gets blocked, then tighten rules and expand rollout.

Request a demo

Tell us what you’re building (RAG assistant, agent workflow, internal copilot) and we’ll show you how ProofHelm fits in.

Contact form

Prefer email? hello@proofhelm.com

What you’ll get in the demo

  • Live prompt + output firewall decisions with traces.
  • Signed evidence and how to verify it.
  • How to deploy as a gateway or SDK (and cover Node/JS).
  • Example policies for tools, data, and agent scope.
  • Rollout plan: pilot → production → compliance pack.

Tip: Create a data/ folder with write permissions to store form submissions: /data/leads.jsonl